Update dependencies #149

Open
wants to merge 1 commit into
base: main

Collaborator

@pjonsson pjonsson commented Sep 4, 2024

This updates to Fiona 1.10.0 which fixes GHSA-q5fm-55c2-v6j9 and GHSA-g4m4-9q4c-mfw6.

@pjonsson
Collaborator Author

pjonsson commented Sep 4, 2024

CI will probably pass if #144 is merged and this is rebased on top of that.

Contributor

@SpacemanPaul SpacemanPaul left a comment

Please rebase and fix constraints.txt as well. :)

@pjonsson
Collaborator Author

pjonsson commented Sep 9, 2024

The other PRs besides this in this repository aren't urgent from my perspective, save those for after your vacation.

The "broken" constraints.txt is because numpy pulled some release candidate from PyPI, which in turn broke the previous release of rasterio.

I saw in some PR comment on datacube-ows that omad was leaving "GA", so I'm guessing the people at the organizations maintaining opendatacube are spread thin at the moment.

I don't want to pile more work on top of your pre-vacation backlog, but I have a very red internal CI job of the latest release of this repository that needs this PR. Earlier this year I got access to this repository from alexgleith for #128 (things outside my control have put that work on the backburner multiple times), so technically I believe I have enough access to sort myself out and make a new release from this repository. Would you like me to do that so you can focus on the rest of your big pile of work?

I have a similar security fix PR in datacube-explorer that jeremyh approved the other day, but didn't merge, and I can't fix that/make a release on my own there (and even if I had access, I could merge my PRs but I don't know enough to be comfortable to make a release of datacube-explorer). It's usually been omad who has merged my PRs in datacube-explorer, do you know if someone else has that repository on their radar now?

@pjonsson
Collaborator Author

@SpacemanPaul I believe I have addressed your review point (rebased), and since the main branch doesn't build, and the latest release doesn't build, I will merge this now to get main back to green.

I would like to tell GitHub that I've completed your requested changes, but the only "button" I see that presumably will re-enable the merge button is to dismiss your review. It's probable there is a better way somewhere in the GitHub UI, but I haven't found it, so I will try to dismiss your review so this can get merged.

@pjonsson pjonsson dismissed SpacemanPaul’s stale review September 19, 2024 07:45

I believe I addressed the concerns.

@pjonsson
Collaborator Author

@SpacemanPaul Well, that didn't work as intended; apparently the PR needs to be approved, and I can't do that on my own PR. It's been 10 days since my update, so I hope you have time to review this before your vacation.
